Searching for Files and Registry Keys in ICE

While developing the toolset for Windows Embedded Standard 2011, we wanted to always allow the user fine-grained control over their image, and let the user be aware of how their image was being crafted. The main job of Image Configuration Editor (ICE), the main GUI tool for creating answer files, is to add packages and allow settings to be overridden with values you define. However, often you as the developer know you need a specific file, or a registry key needs to exist on your system, for your application to work properly. But which package contains the component that owns that resource?

In ICE’s Find feature, we’ve provided the ability to search for that information too. Within ICE, open the distribution share of your choice, then choose Find from Edit… Find Menu, or Alt + F, or the button on the toolbar. You may open an answer file before this to optionally allow searching just the packages in your answer file.

In the Find dialog, you’ll see a lot of checkboxes to refine what data you’re searching over. Searching over files and registry keys is a lot of data to search, and they are off by default. Click Search Registry Keys, and then search the Distribution Share for ScreenSaveActive. You’ll see a hit in System Control Panel, like this:

So System Control Panel/Registry Keys means ICE found a hit of the search token in a registry key owned by a component in the package System Control Panel. The value is a bit more mysterious. Everything before the | is the Registry Key – HKEY_CURRENT_USER\Control Panel\Desktop in this case. ScreenSaveActive is the value (a DWORD, string, binary, etc variable that you can add to a key) and the 1 on the right hand of the equals is the data, what the value contains. We explicitly say what the registry key value is, but we format it so you can infer it. This key is actually a string – DWORD keys will have their values returned as hexadecimal numbers, prefixed by 0x.

Let’s search for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon now. What’s this, an error? Something about an unrecognized escape sequence? In CTP2, ICE uses regular expression search. This is very flexible and powerful, but is not intuitive. (Since CTP2 we have modified this- we have added an option to turn this on or off) Using CTP2 as an example for now, let’s make our query a regex by searching for HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon, however HKEY_LOCAL_MACHINE\\.*\\Winlogon widens our search concerning Winlogon registry keys. HKEY_LOCAL_MACHINE\\.*\\Winlogon[^{]*$ will filter out all keys with GUIDs in them.

File search works just the same. Uncheck Search Registry keys, and check Search filenames in packages, and try searching for vb\w+\.dll$ to search for some Visual Basic-related files. Regular expressions are particularly helpful for searching among short strings like filenames.

If you have an answer file loaded, you will also see hits from packages in your answer file. This does give repeated hits, but we provide this to allow you to see what files are going on your image. Simply uncheck it if you are just concerned about searching the distribution share.